A bit of shaggy dog response here! I have not heard the term social engineering for a decade or more. I think it had a political rough time at one time when one of the administrations in the US felt no one should try to change the social system especially in education. All of us who designed computer mediated communication systems tended to believe we were really designing social systems and it was expressed in some early papers. Let me give very a very early simple example or two. Our first messages systems at OEP and at NJIT had their own internal message systems and we designed them to provide notifications of delivery when someone actually displayed the text of a message they received by printing it out on their terminal which was usually thermal paper. So you knew when someone received your message. Some individual users claimed this was an invasion of privacy. However, since the message system was part of a group communication systems and we were trying to foster group collaboration and cohesion our position was that we were making the choice that benefited the group and not the one which might be felt benefited the individual. This was before the days of browsers and unfortunately we can not any longer detect the actual display of a message. Of course we were also dealing with much slower baud rates in those days which were about at reading speed or less. Displaying membership list which indicated the amount of material individuals contributed to the group was also considered a violation of individual privacy but once again we felt it was important to encouraging participation. We also gave signals when members of group logged on so they could chat when they wanted to. This was back in 1971. A lot of interface design functionality choices affect the group atmosphere and so it is always social engineering that a designer of CMC is doing and hopefully consciously. I used to give an exercise in my interface course for the students to design a dictatorship CMC systems which generates a lot of interesting design choices. A good friend of mine in those days was a social engineer, Sam Schelee. In the Delphi Method book from 1975 (free on my website) there is a chapter on the philosophy of Delphi design and Sam did a wonderful chapter explaining "negotiated reality" as a design principle and how one designed Delphis can be based upon that philosophy (Heidigger) for that form of communications. A lot of illustrations in that chapter that are worth looking at. In fact that book has a lot of CMC designs that have never been implemented yet on computers but where successful in paper and pencil forms of group communications. The other chapter in the philosophy section explains the design of Inquiry Systems based upon C. West Churchman's approach using the scientific philosophies-Leibnitz, Lock, Kant, Hegel and Singer. Negotiated reality is not considered scientific; however, it is the philosophy behind advertisements, marketing, labor management negotiations, international treaties, and other such things. Those are all forms of social engineering. Sam was also an ethnomethodolgist. That is a person who always faces the back in an elevator among other things. That is good training for a social engineer. Message: 1 Date: Tue, 13 Jan 2009 10:21:16 +0100 From: "Stephan Humer" <stephan.humer@web.de> Subject: [Air-L] Social Engineering/Social Hacking anyone? To: <air-l@listserv.aoir.org> Hello everybody. Social Engineering is one of my research topics, but unfortunately a neglected one. It would be great to change this situation, so I?d love to get in touch with people who are also working on Social Engineering/Social Hacking issues. Are there any researchers out there who?d like to connect? Are there any research projects I can?t afford to miss? Thanks a lot in advance! Best -- Dr. Stephan G. Humer Research Director, Digital Class University of the Arts Berlin humer@udk-berlin.de - stephan@humer.de Phone: +49 (0)176 6719 3413 - www.humer.de
Just a terminology clarification... Even in the late 80s and early 90s, I think there was a feeling that there was an opportunity to engage in "social engineering" of the sort Prof. Turoff mentions. When I moved from computer science to political science as an undergraduate at UC Irvine--a university where those two departments were closer than in many places at the time--it was explicitly because I wanted to apply the ideas behind the design of complex computer systems to ideas behind designing social institutions, and there were like-minded faculty and students. However, political scientists and techies tend to use the same term to mean different things. I believe the initial question may have to do with a different sort of "social engineering"; via the "Jargon File": "Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry, and rubber-hose cryptanalysis." This includes everything from phishing attacks to pretexting over the phone and dumpster diving for useful password info... - Alex -- -- // // This email is // [X] assumed public and may be blogged / forwarded. // [ ] assumed to be private, please ask before redistributing. // // Alexander C. Halavais, ciberflâneur // http://alex.halavais.net //
participants (2)
-
Alex Halavais -
Murray Turoff